Fix and add unit tests for license views #847

Signed-off-by: Thomas Druez <[email protected]>
aboutcode-org · Aug 9, 2023 · 2e83742 · 2e83742
1 parent fe88733
commit 2e83742
Show file tree

Hide file tree

Showing 4 changed files with 30 additions and 45 deletions.
diff --git a/scanpipe/tests/test_auth.py b/scanpipe/tests/test_auth.py
@@ -116,7 +116,7 @@ def test_scancodeio_account_profile_view(self):
     def test_scancodeio_auth_views_are_protected(self):
         a_uuid = uuid.uuid4()
         a_int = 1
-        a_path = "path"
+        a_string = "string"
 
         views = [
             ("account_profile", None),
@@ -129,7 +129,7 @@ def test_scancodeio_auth_views_are_protected(self):
             ("project_delete", [a_uuid]),
             ("project_reset", [a_uuid]),
             ("project_detail", [a_uuid]),
-            ("project_results", [a_uuid, a_path]),
+            ("project_results", [a_uuid, a_string]),
             ("resource_raw", [a_uuid, a_int]),
             ("resource_detail", [a_uuid, a_int]),
             ("project_execute_pipeline", [a_uuid, a_uuid]),
@@ -138,7 +138,7 @@ def test_scancodeio_auth_views_are_protected(self):
             ("run_detail", [a_uuid]),
             ("run_status", [a_uuid]),
             ("license_list", None),
-            ("license_details", [a_path]),
+            ("license_detail", [a_string]),
         ]
 
         for viewname, args in views:

diff --git a/scanpipe/tests/test_licenses.py b/scanpipe/tests/test_licenses.py
diff --git a/scanpipe/tests/test_views.py b/scanpipe/tests/test_views.py
@@ -30,6 +30,7 @@
 from django.test import TestCase
 from django.test import override_settings
 from django.urls import reverse
+from django.urls.exceptions import NoReverseMatch
 
 from scanpipe.models import CodebaseResource
 from scanpipe.models import DiscoveredPackage
@@ -796,3 +797,28 @@ def test_scanpipe_views_discovered_package_details_view_tab_vulnerabilities(self
         self.assertContains(response, "tab-vulnerabilities")
         self.assertContains(response, '<section id="tab-vulnerabilities"')
         self.assertContains(response, "VCID-cah8-awtr-aaad")
+
+    def test_license_list_view(self):
+        url = reverse("license_list")
+        response = self.client.get(url)
+        self.assertEqual(response.status_code, 200)
+        expected = '<a href="/license/apache-2.0/">apache-2.0</a>'
+        self.assertContains(response, expected)
+
+    def test_license_details_view(self):
+        license_url = reverse("license_detail", args=["apache-2.0"])
+        response = self.client.get(license_url)
+        self.assertEqual(response.status_code, 200)
+
+        dummy_license_url = reverse("license_detail", args=["abcdefg"])
+        response = self.client.get(dummy_license_url)
+        self.assertEqual(response.status_code, 404)
+
+        xss = "%3Cscript%3Ealert(document.cookie);%3C/script%3E/"
+        with self.assertRaises(NoReverseMatch):
+            reverse("license_detail", args=[xss])
+
+        xss = "%3Cscript%3Ealert(document.cookie);%3C"
+        xss_url = reverse("license_detail", args=[xss])
+        response = self.client.get(xss_url)
+        self.assertEqual(response.status_code, 404)
diff --git a/scanpipe/urls.py b/scanpipe/urls.py
@@ -162,7 +162,7 @@
         name="project_list",
     ),
     path(
-        "license/<path:key>/",
+        "license/<str:key>/",
         views.LicenseDetailsView.as_view(),
         name="license_detail",
     ),